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Amendments to the Claims 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

1 . (Currently Amended) A method for limiting access to an electronic 
document, comprising: 

associating, by one or more computing devices, a classifier with a first state of a 
process-driven security policy having a plurality of states, with each of the different 
states having [[a]] different sets of access restrictions; 

associating, by one or more computing devices, an identifier representing a user 
or a group of users with the first state of the process-driven security policy; 

associating, by one or more computing devices, the electronic document with at 
least the first state of the process-driven security policy having a set of access restrictions 
on the electronic document; 

limiting access to the electronic document by encrypting, by the one or more 
computing devices, at least a portion of the electronic document using a group key 
corresponding to the identifier and a state key corresponding to the classifier and 
requiring at least both the group key and the state key to decrypt at least the portion of 
the electronic document; and 

changing, by the one or more computing devices, the state of the process-driven 
security policy for the electronic document automatically without user or administrator 
interaction from the first state to a second state in response to an internal or external 
system event, wherein the changed state is based on a transition rule associated with the 
event. 
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2. 



(Previously Presented) 



The method as recited in claim 1, wherein 



the identifier is a user ID or a group ID. 



3. 



(Previously Presented) 



The method as recited in claim 1, wherein 



the process-driven security policy is provided as part of a document security system. 



said method further comprises: 

creating the electronic document; and 

assigning the identifier to the created electronic document. 

5. (Currently Amended) The method as recited in claim 1, wherein the 
process-driven security policy is provided as part of a document security system, and 

wherein said method further comprises: 

creating a plurality of electronic documents; and 

assigning the identifier and the classifier to each of the created electronic 
documents associated with the first state. 

6. (Currently Amended) A method for imposing access restrictions on an 
electronic document, comprising: 

associating, by the one or more computing devices, an electronic document with 
at least a first state of a plurality of states of a process-driven security policy, the first 



4. 



(Previously Presented) 



The method as recited in claim 1, wherein 
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state associated with a classifier and with an identifier representing a user or a group of 
users, each of the with different states having [[a]] different sets of access restrictions; 

imposing the set of access restrictions associated with the first state on the 
electronic document by encrypting, by the one or more computing devices, at least a 
portion of the electronic document using a group key corresponding to the identifier and 
a state key corresponding to the classifier and requiring at least both the group key and 
the state key to decrypt at least the portion of the electronic document; and 

changing, by the one or more computing devices, the state of the process-driven 
security policy for the electronic document automatically without user or administrator 
interaction from the first state to a second state in response to an internal or external 
system event, wherein the changed state is based on a transition rule associated with the 
event. 

7. (Cancelled) 

8. (Previously Presented) The method as recited in claim 6, wherein 
the event is a user-triggered event. 

9. (Previously Presented) The method as recited in claim 6, wherein 
the event occurs at or is received at the client machine. 

10. (Previously Presented) The method as recited in claim 6, wherein 
the electronic document includes security information, and the security information 
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includes at least an indication of the state of the process-driven security policy for the 
electronic document. 

1 1 . (Previously Presented) The method as recited in claim 6, wherein 
said method is performed on a plurality of documents on a document-by-document basis. 

12. (Currently Amended) The method as recited in claim 6, wherein at the 
client machine, each of a plurality of electronic documents is in one of the states of the 
process-driven security policy. 

13. (Currently Amended) A tangible computer-readable medium having 
stored thereon computer-executable instructions that, if executed by a computing device, 
cause the computing device to perform a method for imposing access restrictions on an 
electronic document, the method comprising: 

associating an electronic document with at least a first state of a plurality of states 
of a process-driven security policy, the first state associated with a classifier and with an 
identifier representing a user or a group of users, each of the with different states having 
[[a]] different sets of access restrictions; 

imposing the set of access restrictions associated with the first state on the 
electronic document by encrypting at least a portion of the electronic document using a 
group key corresponding to the identifier and a state key corresponding to the classifier 
and requiring at least both the group key and the state key to decrypt at least the portion 
of the electronic document; and 
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changing the state of the process-driven security policy for the electronic 

document automatically without user or administrator interaction from the first state to a 

second state in response to an internal or external system event, wherein the changed 

state is based on a transition rule associated with the event. 

14. (Cancelled) 

15. (Previously Presented) The tangible computer-readable medium as 
recited in claim 13, wherein the event is a user-triggered event. 

16. (Previously Presented) The tangible computer-readable medium as 
recited in claim 13, wherein the event occurs at or is received at the client machine. 

17. (Previously Presented) The tangible computer-readable medium as 
recited in claim 13, wherein the electronic document includes security information, and 
the security information includes at least an indication of the state of the process-driven 
security policy for the electronic document. 

18. (Previously Presented) The tangible computer-readable medium as 
recited in claim 13, wherein the process-driven security policy is imposed on a plurality 
of documents on a document-by-document basis. 
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19. (Currently Amended) The tangible computer-readable medium as recited 
in claim 13, wherein at the client machine, each of a plurality of electronic documents is 
in one of the states of the process-driven security policy. 

20. (Cancelled) 

21. (Previously Presented) The method as recited in claim 1, wherein 

the event occurs at or is received at a client machine. 

22. (Previously Presented) The method as recited in claim 1, wherein 
the event is a user-triggered event. 
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